instant 0.0.3 → 0.0.4

data/instant.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "instant"
-  s.version = "0.0.3"
+  s.version = "0.0.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Francis Chong"]

data/lib/instant/runner.rb

@@ -3,24 +3,31 @@ require 'timeout'
 
 module Instant
   class Runner
-    def initialize(processor = Processor.new)
+    def initialize(processor = Processor.new, timeout=1)
       @processor = processor
+      @timeout   = timeout
     end
 
-    def run(source, timeout=1)      
+    def run(source)      
       begin
         @processed = @processor.process(source)
         context = Context.new
         return_value = nil
 
-        begin          
-          Timeout::timeout(timeout) do
-            return_value = context.instance_eval(@processed)
+        begin
+          thread = Thread.new do
+            $SAFE = 3          
+            Timeout::timeout(@timeout) do
+              return_value = context.instance_eval(@processed)
+            end
           end
+          thread.join
         ensure
           context.close
         end
         {:status => :ok, :result => context.to_s, :return_value => return_value}
+      rescue SecurityError => e
+        {:status => :error, :cause => :security_error, :message => format_error(e), :result => context.to_s }
       rescue SyntaxError => e
         {:status => :error, :cause => :syntax_error, :message => format_error(e), :result => context.to_s }
       rescue Racc::ParseError => e
@@ -28,7 +35,7 @@ module Instant
       rescue Instant::LoopTooDeepError => e
         {:status => :error, :cause => :loop_too_deep, :message => "Loop too deep", :result => context.to_s }
       rescue Timeout::Error => e
-        {:status => :error, :cause => :timeout, :message => "Timeout: code take more than #{timeout}s to run.", :result => context.to_s }
+        {:status => :error, :cause => :timeout, :message => "Timeout: code take more than #{@timeout}s to run.", :result => context.to_s }
       rescue StandardError => e
         {:status => :error, :cause => :unknown, :message => format_error(e), :result => context.to_s }        
       end

data/lib/instant/version.rb

@@ -1,3 +1,3 @@
 module Instant
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/spec/instant/runner_spec.rb

@@ -80,5 +80,23 @@ describe Instant::Runner do
       results = result[:result].split("\n")
       results[0].strip.should =~ /k        =   1/
     end
+    
+    it "should guard against dangerous code" do
+      source = "def hello
+    k = 1
+    fork do
+      puts 'haha!'
+    end
+  end; hello"
+
+      runner = Instant::Runner.new
+      result = runner.run(source)
+      result[:status].should == :error
+      result[:cause].should == :security_error
+
+      results = result[:result].split("\n")
+      results[0].strip.should =~ /k        =   1/
+      
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: instant
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby2ruby
-  requirement: &70272864264440 !ruby/object:Gem::Requirement
+  requirement: &70152269239240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 1.3.1
   type: :runtime
   prerelease: false
-  version_requirements: *70272864264440
+  version_requirements: *70152269239240
 - !ruby/object:Gem::Dependency
   name: ruby_parser
-  requirement: &70272864263620 !ruby/object:Gem::Requirement
+  requirement: &70152269236960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 2.3.1
   type: :runtime
   prerelease: false
-  version_requirements: *70272864263620
+  version_requirements: *70152269236960
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70272864263040 !ruby/object:Gem::Requirement
+  requirement: &70152269236140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +43,10 @@ dependencies:
         version: 2.9.0
   type: :development
   prerelease: false
-  version_requirements: *70272864263040
+  version_requirements: *70152269236140
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70272864262320 !ruby/object:Gem::Requirement
+  requirement: &70152269235360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +54,10 @@ dependencies:
         version: '1.1'
   type: :development
   prerelease: false
-  version_requirements: *70272864262320
+  version_requirements: *70152269235360
 - !ruby/object:Gem::Dependency
   name: echoe
-  requirement: &70272864261780 !ruby/object:Gem::Requirement
+  requirement: &70152269234860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70272864261780
+  version_requirements: *70152269234860
 - !ruby/object:Gem::Dependency
   name: autotest
-  requirement: &70272864260820 !ruby/object:Gem::Requirement
+  requirement: &70152269233940 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70272864260820
+  version_requirements: *70152269233940
 - !ruby/object:Gem::Dependency
   name: pry
-  requirement: &70272864259600 !ruby/object:Gem::Requirement
+  requirement: &70152269232540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,7 +87,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70272864259600
+  version_requirements: *70152269232540
 description: An experiment on real time visualize development tool.
 email: francis@ignition.hk
 executables: []